Installing and configuring the Symantec Endpoint
Protection Manager with an embedded database
Installing with the embedded database is the easiest way to install Symantec
Endpoint Protection Manager. The embedded database supports up to 5,000 clients.
If you choose to configure the management server in Simple mode the embedded
database is selected automatically.
The installation of Symantec Endpoint Protection Manager is divided into three
parts:
■
The first part installs the management server and console.■
The second part configures the server and creates the database.■
You can deploy the client software during the management server installation
or later.
Each part consists of a wizard. When the wizard for each part completes, a prompt
is displayed asking you whether you want to continue with the next wizard or not.
The third part creates and deploys client software to the client computers.To install Symantec Endpoint Protection Manager
1
Insert the product disc into the drive, and start the installation.2
In the Welcome panel, do one of the following actions:■
Endpoint Protection Manager
To install for Symantec Endpoint Protection, click Install Symantec.■
Network Access Control
Protection Manager
To install for Symantec Network Access Control, click Install Symantec, and then click Install Symantec Endpoint.Installing and configuring the Symantec Endpoint Protection Manager
Installing and configuring the Symantec Endpoint Protection Manager with an embedded database
64
3
A check is performed to see if the computer meets the minimum system
requirements. If it does not, a message indicates which resource does not
meet the minimum requirements. You can click
Symantec Endpoint Protection Manager, but performance can be adversely
affected.
On the Welcome pane of the Installation Wizard, click Next.Yes to continue installing4
agreement
In the License Agreement panel, check I accept the terms in the license, and then click Next.5
and then click
In the Destination Folder panel, accept or change the installation directory,Next.6
On the Select Web site panel, do one of the following:■
only Web server on this computer, check
then accept or change the
To configure the Symantec Endpoint Protection Manager IIS Web as theCreate a custom Web site, andTCP Port.■
with other Web sites on this computer, check
To let the Symantec Endpoint Protection Manager IIS Web server runUse the default Web site.7
Click Next.8
In the Ready to Install the Program panel, click Install.9
appears, click
Wait for the Management Server Configuration Wizard dialog box to appear,
which can take several seconds. If you are prompted to restart the computer,
restart the computer, log on, and the wizard appears automatically for you
to continue.
When the installation finishes and the Install Wizard Completed panelFinish.10
Simple or Advanced.
Follow the steps for the appropriate mode of configuration that you select:Installing and configuring the Symantec Endpoint Protection Manager 65
Installing and configuring the Symantec Endpoint Protection Manager with an embedded database
To configure the Symantec Endpoint Protection Manager with an embedded
database in Simple mode
1
and then click
In the Management Server Configuration Wizard dialog box, select Simple,Next.2
an administrator email address.
The password is the admin account password that you use to log on to the
Symantec Endpoint Protection Manager Console. The password is also used
as the encryption password necessary for disaster recovery and for adding
optional Enforcers. After installation, the encryption password does not
change, even if the password for the admin account is changed.
Document this password for when you install Symantec Endpoint Protection
in your production environment.
Provide and confirm a password of 6 or more characters. Optionally, provide3
Click Next.4
Symantec Endpoint Protection Manager. You can print a copy of the settings
to maintain for your records, or click
Wait while the installation creates the database, which can take several
minutes.
The configuration summary panel displays the values that are used to installNext.5
of the following:
In the Management Server Configuration Wizard Completed panel, do one■
click
See
To deploy client software with the Migration and Deployment Wizard,Yes, and then click Finish.“Configuring and deploying client software” on page 90.■
and then deploy client software, click
To log on to the Symantec Endpoint Protection Manager Console first,No, and then click Finish.To configure the Symantec Endpoint Protection Manager with an embedded
database in Advanced mode
1
and then click
In the Management Server Configuration Wizard dialog box, select Advanced,Next.2
Select the number of clients you want this server to manage, and then clickNext
This selection appears only when you install the Symantec Endpoint
Protection Manager for the first time on this computer.
.3
Check Install my first site, and then click Next.Installing and configuring the Symantec Endpoint Protection Manager
Installing and configuring the Symantec Endpoint Protection Manager with an embedded database
66
4
click
In the server information panel, accept or change the default values, and thenNext.5
name, and then click
In the site name panel, in the Site name box, accept or change the defaultNext.6
click
Document this password and store it in a safe, secure location. You cannot
change or recover the password after you create the database. You must also
enter this password for disaster recovery purposes if you do not have a backed
up database to restore.
After you install Symantec Endpoint Protection Manager and become
comfortable with administration tasks, you must secure the cryptographic
files that you require to recover from a disaster.
See
In the encryption password panel, provide and confirm a password, and thenNext.“About preparing for disaster recovery” on page 187.7
In the database type panel, check Embedded database, and then click Next.8
of 6 or more characters. Optionally, provide an administrator email address.
Click
Use the user name and password that you set here to log on to the console
for the first time.
Wait while the installation creates the database, which can take several
minutes.
In the system administrator account panel, provide and confirm a passwordNext.9
of the following:
In the Management Server Configuration Wizard Completed panel, do one■
click
See
To deploy client software with the Migration and Deployment Wizard,Yes, and then click Finish.“Configuring and deploying client software” on page 90.■
and then deploy client software, click Installing additional Symantec Endpoint Protection
Manager consoles
You can install additional management consoles on additional computers so that
you can remotely log on to and manage Symantec Endpoint Protection Manager.
The consoles require Java runtime software, so if your computer does not run the
correct version of Java runtime, it installs automatically. You may have to adjust
your Internet Explorer settings for ActiveX and Java to permit installation.
Note:
the packages are stored on the computer on which the console is running. The
management console is also installed on computers you use for failover or load
balancing.
If you export client installation packages from a remote management console,To install additional Symantec Endpoint Protection Manager consoles
1
Explorer.
On the computer on which to install the management console, start Internet2
runs the Symantec Endpoint Protection Manager:
In the URL box, type one of the following identifiers for the computer that■
http://computer_name:9090■
http://computer_IP_address:90909090 is the default Web console port used during server configuration. You
can change the Web console port using the Reconfigure management server
option in the Management Server Configuration wizard.
3
and install JRE 1.5.0.15.
You may be prompted to allow an ActiveX control to install.
In the Symantec Policy Management Console window, click Here to download4
If prompted with a security warning, click Install.Installing and configuring the Symantec Endpoint Protection Manager 75
Installing additional Symantec Endpoint Protection Manager consoles
5
Follow the steps on the installation wizard, and then click Finish.6
Symantec Endpoint Protection Manager
If this link does not appear, refresh the page or reconnect to it.
In the browser window, click Click here to download and log in to the.7
In the Security Warning dialog box, click Run.8
Click
In the Create shortcut dialog box, click Yes.Configure to open the Java configuration dialog.9
Endpoint Protection Manager, and then click
In the Logon prompt, type a user name and password for the SymantecLog On.10 Configuring and deploying client software
The Migration and Deployment Wizard lets you configure a client software
package. The Push Deployment Wizard then optionally appears to let you deploy
the client software package.
Note:
You may want to create this directory before you start this procedure. Also, you
need to authenticate with administrative credentials to the Windows Domain or
Workgroup that contain the computers.
Deploying client software to computers that run firewalls, and that run Windows
XP, Windows Vista, or Windows Server 2008 have special requirements. Firewalls
must permit remote deployment over TCP ports 139 and 445. Also, the computers
that are in workgroups and that run Windows XP must disable simple file sharing.
Windows Vista and Windows Server 2008 have additional requirements.
See
See
You can also use the Find Unmanaged Computers utility that lets you discover
the client computers that do not run client software and then install the client
software on those computers.
See
This procedure has you select a directory in which to place installation files.“About disabling and modifying Windows firewalls” on page 52.“About preparing computers for remote deployment” on page 53.“Deploying client software with Find Unmanaged Computers” on page 97.To configure client software
1
Start the Migration and Deployment Wizard by doing one of the following:■
Protection Manager > Migration and Deployment Wizard
The path may be different depending on the version of Windows you use.
Onthe Windows Start menu, click Start>Programs>SymantecEndpoint.■
On the last panel of the Management Server Configuration Wizard, clickYes
, and then click Finish.Installing Symantec client software
Configuring and deploying client software
90
See
with an embedded database
“Installing and configuring the Symantec Endpoint Protection Manager” on page 64.2
In the Welcome to the Migration and Deployment Wizard panel, click Next.3
Endpoint Protection only), and then click
In the What would you like to do panel, check Deploy the client (SymantecNext.4
deploy clients to
After you have deployed client software and logged on to the console, you
can locate this group in the console.
In the next panel, check Specify the name of a new group that you wish to, type a group name in the box, and then click Next.5
install (Symantec Endpoint Protection only), and then click
In the next panel, uncheck any types of protection that you do not want toNext.6
files, and user interaction.
In the next panel, check the installation options that you want for packages,7
file(s), and then click
Click Browse, locate and select a directory in which to place the installationOpen.8
Click Next.9
It can take several minutes to create and export the installation package for
your group before the Push Deployment Wizard appears.
In the next panel, check Yes, and then click Finish.To deploy the client software with the Push Deployment Wizard
1
and select the computers on which to install the client software, and then
click
In the Push Deployment Wizard, under Available computers, expand the treesAdd >.2
password, and then click
The user name and password must be able to authenticate to the Windows
Domain or Workgroup that contains the computers.
In the Remote Client Authentication dialog box, type the user name andOK.3
pane, click Creating client installation packages
You can create both 32-bit and 64-bit client installation packages. A client
installation package that uses default settings is created when you install the
Symantec Endpoint Protection Manager. If you install this package, clients appear
in the Default group and receive the default policies. You can also create an
Installing Symantec client software
Creating client installation packages
94
installation package that is customized for a group. This installation package can
contain customized group polices and settings.
You can create client installation packages for groups at any time. If you customize
a policy for a group, you can create a client installation package for that group.
You do not have to reinstall client installation packages to existing client
computers in a group to change a policy. As you make changes to policies in a
group, these changes are automatically propagated to the installed clients in that
group.
Note:
unattended option to computers running Microsoft Windows Server 2008 or
Microsoft Vista (x64). Only the silent option should be used for installation
packages deployed to computers running Microsoft Vista (x86).
Client installation packages should be deployed with the silent or theNote:
For more information about client installation packages, see theAdministration Guide for Symantec Endpoint Protection and Symantec Network
Access Control
.To create client installation packages
1
In the Symantec Endpoint Protection Manager console, click Admin.2
In the Tasks pane, click Install Packages.3
In the right pane, under Package Name, select the package to export.4
In the lower-left pane, under Tasks, click Export Client Install Package.5
In the Export Package dialog box, click Browse.6
contain the exported package, and then click
In the Select Export Folder dialog box, browse to and select the directory toOK.7
installation goals.
For details about the other options in this dialog box, click
In the Export Package dialog box, set the other options according to yourHelp.8 Deploying client software with the Push Deployment
Wizard
The Push Deployment Wizard either appears automatically when you use the
Migration and Deployment Wizard, or you can use the Windows Start menu. You
must decide what client software package you want to deploy before you run the
wizard, and in what folder the package exists. You have to locate it during
deployment.
To deploy client software with the Push Deployment Wizard
1
Start the Migration and Deployment Wizard by doing one of the following:■
Protection Manager > Migration and Deployment Wizard
The path may be different depending on the version of Windows you use.
Onthe Windows Start menu, click Start>Programs>SymantecEndpoint.■
On the last panel of the Management Server Configuration Wizard, clickYes
, and then click Finish.2
In the Welcome panel, click Next.3
Click Deploy the client (Symantec Endpoint Protection only), and then clickNext
.4
Click Selectanexistingclient installpackagetodeploy, and then click Finish.5
the folder that contains the installation package you want to deploy, and then
click
In the Push Deployment Wizard panel, click Browse, navigate to and selectOK.6
then click
Approve or modify the maximum number of concurrent deployments, andNext.7
computers on which to install the client software.
As an alternative, you can import a workgroup or domain of computers, and
also a text file list of computers.
See
In the Select Computers panel, under Available computers, select the“Importing a list of computers from a text file” on page 98.Installing Symantec client software
Deploying client software with the Push Deployment Wizard
96
8
Click Add.9
password, and then click
The user name must be able to authenticate to the Windows Domain or
Workgroup that contains the computers.
In the Remote Client Authentication dialog box, type a user name andOK.10
pane, click When you have selected all of the computers and they appear in the rightFinish.Click OK.When you have selected all of the computers and they appear in the rightFinish.Complete the authentication process.To log on to the Symantec Endpoint Protection Manager Console first,No, and then click Finish.
No comments:
Post a Comment